In the first half of this year, Arbor recorded 274 attacks over 100Gbps and 46 attacks over 200Gbps, up 22% and 187%, respectively, when compared with the whole of 2015.

The duration of DDoS attacks is also increasing, according to a Kaspersky Lab report which said attacks lasting 20 to 49 hours accounted for 9% of those in the second quarter of 2016, up from 4% in the first quarter, and those lasting 50 to 99 hours accounted for 4%, up from 1% in the first quarter.

Longest attack

The longest DDoS attack in the second quarter of 2016 lasted 291 hours (12 days), a significant increase on the first-quarter maximum of eight days.

“Thirty minutes may seem like an effective response time against such a powerful DDoS attack, but a survey from IDC last year found that the average cost of critical application failure was between £375,000 and £750,000 per hour, so every second counts when critical systems such as email are down,” said Wieland Alge, vice-president and general manager for Europe at Barracuda Networks.

“The key to effective DDoS protection is the ability to distinguish real users from malicious requests, so that suspicious traffic can be blocked or challenged, but this is not easily done,” he added.

According to Alge, a network firewall can protect Layer 4 protocols and even do deep packet inspection, but truly protecting against web application layer attacks generally requires terminating the HTTP or HTTPS protocols and often rewriting traffic to identify and mitigate threats.

Smaller DDoS attacks can be more dangerous than a powerful assault that knocks a company offline but does not install malware or steal data, warns Neustar.

“Just as a network firewall is not designed to stop spam, it is also not designed to stop web application attacks,” Alge said. “This type of misunderstanding leaves the web application exposed, and gives the administrator a false sense of security. A web application firewall is much better suited to combating DDoS attacks.”

Businesses should also consider some form of dynamic client fingerprinting as part of any DDoS solution, said Alge.

“Mechanisms that can detect suspicious clients using script injections and challenge suspected malicious requests with a CAPTCHA test can be a lifesaver when a DDoS army is very distributed, stays below the rate control radar, and its user systems have not been blacklisted,” he said.

The DDoS attack on 123 Reg highlights the fact that DDoS remains a common attack type due to the easy availability of free tools and inexpensive online services that enable anyone with a grievance and an internet connection to launch an attack, and that not all DDoS mitigation techniques provide the same level of protection.
